This is a prototype of IPA, written in the research MPC system, MP-SPDZ.
To run the prototype, you will need to clone the MP-SPDZ repo so that it neighbors the raw-ipa repo.
From the current directory (i.e. raw-ipa/research-prototype)
cd ../..
gh repo clone data61/MP-SPDZ
cd MP-SPDZ
Then, to setup MP-SPDZ, run:
make -j 8 tldrOn a Mac, this requires brew to be installed, and on Linux it requires other certain packages to be installed. See the MP-SPDZ README for more details.
This prototype uses the replicated-ring-party.x MP-SPDZ virtual machine. To compile, make sure you're still in the MP-SPDZ directory. First, we need to compile a 32 bit ring, so we need to add one more config to CONFIG.mine by running:
echo "MOD = -DRING_SIZE=32" >> CONFIG.mineThen, to compile, run:
make clean -B -j 8 replicated-ring-party.xFinally, you'll need to setup SSL for the parties. From the raw-ipa/research-prototype directory, run:
../../MP-SPDZ/Scripts/setup-ssl.sh 3Make sure you are now back in this directory, raw-ipa/research-prototype.
You'll need to create a python virtual environment, and install the requirements.
python3 virtualenv ../.venv
source ../.venv/bin/activate
pip install -r ../requirements.txtNote that this will also install a version of the MP-SPDZ compiler. You can also install that directly with your local copy with
pip install -e ../../MP-SPDZ
From this raw-ipa/research-prototype repository, you can now run the IPA scripts with:
python ipaThis will provide you with the available commands, currently compile and generate_input.
To generate random input data points, run:
python ipa generate_inputThere are a few other options you can specify, including the size of the data, expected distribution of match keys, and even two specific test cases with expected output. Using the -h flag will provide all the command line options.
The IPA protocol is primarily implemented in raw-ipa/research-prototype/ipa/ipae2e.py, and that implementation needs to be compiled by MP-SPDZ, to then be run with one of the various MPC backends. To run the compile step:
python ipa compileJust like with generate_input, there are a number of arguments which can be passed in, which can all be seen with the -h flag. This includes skipping certain portions of the protocol to understand performance.
You can use the same arguments with both compile and generate_input (though not all are relevant.)
To simulate the MPC locally, run:
../../MP-SPDZ/Scripts/ring.sh -R 32 ipae2eMake sure you are in this directory, raw-ipa/research-prototype.
All hosts must use the same set of certificates for encrypted connections. Copy Player-data/*.pem to the MP-SPDZ folder on every host that will participate in MPC.
If you need private key to connect to a host (often the case for AWS cloud), here is a convenience command that does the copying (execute it from the host was used to generate gSSL certificates by running the command: Scripts/setup-ssl.sh)
- assume
HOSTis set to the destination host IP address or DNS name MP_SDPZ_DIRmust be set to the directory where IPA is installed, for example/home/raw-ipa/research-prototype.
rsync -e "ssh -i <ssh cert>" -Pav Player-Data $USER@$HOST:$MP_SPDZ_DIRPick one host to be the coordinator (and player 0 by convention used by MP_SPDZ).
COORDINATOR=<host IP or DNS>Run this command on the coordinator host
../../MP-SPDZ/replicated-ring-party.x --player 0 ipae2e --hostname $COORDINATORStart two other MPC parties:
host 1:
../../MP-SPDZ/replicated-ring-party.x --player 1 ipae2e --hostname $COORDINATORhost 2:
../../MP-SPDZ/replicated-ring-party.x --player 1 ipae2e --hostname $COORDINATOR